Figure 1. One board with an FPGA implementation is the 6U high-performance SBC with 16 cores and an FPGA-based VMEbus interface. It is used in the LHC at CERN and is regarded among developers as a safe board, and not only technically.

The specifications for safety-critical embedded systems are often given for specific industries and are subject to strict standards. There is no scope for errors in hardware or software. Typical applications can be found in trains, buses, ships and aircraft as well as in more complex applications in industrial automation, medical technology or the energy industry. The factor of functional safety must be accorded particular importance in this context. But is it possible to design a system in such a way that it absorbs all known risks through its design? This includes accidental failures caused by component failures, EMC influences or cosmic radiation as well as possible design errors that can be avoided during development by appropriate processes. And is it possible to certify systems according to the safety standards of the different markets if most of the available standard components do not cover these standards by default? A self-generated verification is usually very time-consuming - especially if the components are complex. In addition, it is sometimes only possible in cooperation with the component manufacturer, as this also requires an insight into the production processes. But do they go along with it? Often not, because functional safety is a niche market for most suppliers of standard components used in embedded computers. But how can this dilemma be overcome and yet functionally safe systems developed?

A very good alternative to the retrospective testing of standard components, as prescribed by the EASA certification memorandum EASA CM - SWCEH - 001, is the use of Field Programmable Gate Arrays, or FPGAs for short, in which the function is implemented anew and in compliance with the respective safety standards. This solution is ideally suited to meeting the safety-critical requirements of the respective industries exactly. It also makes it possible to implement even highly customer-specific designs efficiently in small batch sizes and to offer them at attractive prices. This makes FPGAs a suitable basis for ensuring application-specific functional safety. The advantage of FPGAs is that it is not necessary to redevelop everything. Rather, functional IP building blocks can be combined as required, which saves both costs and development time. This is possible not only for the design of a specific FPGA, but also for the design of a board or system with several FPGAs, which receive their highly individual functionality via the respective FPGA adaptations.

However, before a safety-critical design can be qualified and certified, proof of its behavior in the event of an error must be provided. This is comparatively easy with development tools for FPGAs. In the virtual development environment for FPGAs, even serious or complicated errors can be provoked to test the error behavior of the system or to check whether the system has a defined error behavior. This form of simulation is not common in software, but is part of the basic toolset for FPGA design - it is also used for so-called normal developments, which do not have to meet any functional safety requirements. In this respect, FPGAs do not require any additional toolchain effort. The simulation can be used not only to prove the correct error behavior, but also to prove the correct implementation of a function. It is therefore possible to create complete simulation reports, which can then be submitted to TÜV or other certification service providers, for example.

Monitoring of proper conditions is also extremely important in the safety-critical area, as this is the only way to detect failures and initiate appropriate actions. For example, temperatures, the functionality of components or the receiving of data must be monitored and analyzed to achieve a safe state in the event of deviations from setpoint values - such as stopping a machine or stopping a train in a controlled manner. However, finished components for the connection of input and output units - such as serial interfaces or GPIOs - rarely contain such monitoring functions as are required for functional safety, for example in accordance with EN 50129 for railways or in accordance with IEC 61508 for electronic systems with a safety function. Such functions can also be mapped very efficiently in FPGAs if there are no suitable microcontrollers. The integration of such monitoring functions into FPGAs also offers the advantage over microcontrollers that they are freely configurable and can be adapted to the application.

The saying "never change a running system" applies particularly to functionally safe systems. On the one hand, the costs for verifying functional safety in accordance with the standards are high, and the verification must be repeated every time a change is made, which makes changes very cost-intensive. On the other hand, every change carries the risk of introducing a new error. For this reason, systems have been used for decades without revision, especially in rail transport and aviation. This also necessitates an obsolescence strategy for components, since standard components for industry are rarely available for more than 5 to 10 years. FPGAs offer decisive advantages here. The function is not in a dedicated component, but in the programming itself. As a result, component discontinuations are comparatively easy to handle, since the code can be ported to new FPGAs with identical functionality. Project lifetimes of more than 30 years are no problem, even if the FPGA manufacturer has to be changed. This also provides independence from a particular supplier.

With FPGAs, it is also always possible to integrate additional functions at a later date - for example, to upgrade the system. This flexibility naturally also has an effect at the beginning of the product lifecycle: if some of the hardware functions are implemented in FPGAs, this part can be tested parallel to further development. Such a procedure saves time during subsequent commissioning and testing of the entire system.

One of the most common requirements, especially in the safety-critical area, is the support of extended temperature ranges - usually from -40 to +85°C. Even here, it is often difficult to find appropriately qualified standard components. With an extremely extended temperature range of -55 to +125°C at the latest, it becomes considerably more difficult or impossible to get components for the various hardware functions. FPGAs, however, offer a sufficiently wide range for these extreme temperatures.

The most important strategy for making a system less risk-prone is redundancy - i.e. the functionally identical multiplication of important components so that failures of individual components can be compensated without any problems. A component whose failure paralyses the entire system is called a Single Point of Failure (SPOF). Any important building block can be such an SPOF. In aerospace applications, for example, memory errors caused by cosmic radiation are a problem. These lead to effects such as Single Event Upsets (SEU) or Multi-Bit Upsets (MBU), where one or more bits in memory elements jump from 0 to 1 or vice versa. If critical components such as a CPU are present in multiple redundancy with voting, this increases functional safety and availability. Such redundancies, including the voting functionality, can be built with FPGAs, which offers the advantage that the logic can easily be replicated for every instance by copying and pasting the IP logic. Inside the FPGA, this redundancy is repeated once more so that a calculation can still be completed if an FPGA flip-flop fails. As a result, an almost SEU-immune implementation can be realized when using a flash-based FPGA.
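The voting redundancy described here, combined with the fault provocation in simulation described earlier, can be modelled in a few lines. The following is an added behavioural sketch in Python, not vendor or MEN code: it triplicates an 8-bit register, injects every possible single and double bit flip, and tallies which upsets the majority voter masks. The register width, the sample value and all function names are assumptions made for this example.

```python
"""Behavioural model of triple modular redundancy (TMR) with fault injection.
Added illustration; register width and sample value are constructed."""
from itertools import combinations

WIDTH = 8  # assumed register width in bits


def vote(a: int, b: int, c: int) -> int:
    """Bitwise 2-of-3 majority, the function a hardware voter computes per bit."""
    return (a & b) | (a & c) | (b & c)


def disagreement(a: int, b: int, c: int) -> int:
    """Mask of bit positions where the replicas differ (input for a monitor)."""
    return (a ^ b) | (a ^ c)


def flip(replicas, faults):
    """Return the replicas with each (replica_index, bit) in faults inverted."""
    out = list(replicas)
    for idx, bit in faults:
        out[idx] ^= 1 << bit
    return tuple(out)


def campaign(golden: int, n_faults: int) -> dict:
    """Inject every combination of n_faults distinct bit flips and tally results."""
    sites = [(r, b) for r in range(3) for b in range(WIDTH)]
    report = {"injected": 0, "masked": 0, "wrong_output": 0, "detected": 0}
    for faults in combinations(sites, n_faults):
        a, b, c = flip((golden,) * 3, faults)
        report["injected"] += 1
        if vote(a, b, c) == golden:
            report["masked"] += 1        # voter output is still correct
        else:
            report["wrong_output"] += 1  # same bit upset in two replicas
        report["detected"] += int(disagreement(a, b, c) != 0)
    return report


def scrub(replicas):
    """Write the voted value back to all replicas so upsets do not accumulate."""
    v = vote(*replicas)
    return (v, v, v)


if __name__ == "__main__":
    golden = 0xA5  # constructed sample value
    print("single upsets:", campaign(golden, 1))
    print("double upsets:", campaign(golden, 2))
```

Every single upset is masked, while a double upset defeats the voter only when both flips hit the same bit position in two different replicas; the disagreement mask still flags those cases, which is why voted designs pair the voter with monitoring and periodic write-back of the voted value.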

In the safety-critical environment, predictable execution times are also required in addition to reliability. The system must react to an external event in a defined time, even in the worst case. However, typical computer architectures use interrupts and DMA topologies that can negatively affect the response times of individual tasks when another task requests the same resources. The required deterministic behavior - i.e. exactly predictable in terms of time - is then difficult to achieve. For this reason, such solutions are not used for hard real-time requirements. FPGAs, however, support real-time capability, since their logic is laid out in parallel. This means that the different processes do not compete with each other, but each take their own predefined path, which is not disturbed by other events. This makes it much easier to ensure deterministic real-time capability with clearly defined behavior over time.

In the context of functional safety in times of the Internet of Things, Industry 4.0 and Mobility 4.0, one sooner or later also comes across security in the sense of protection against manipulation. Here too, FPGAs offer many possibilities to protect the application against manipulation, unauthorized access or duplication of data. For example, a unique key can be programmed in the FPGA. There it is stored in encrypted form in a non-volatile memory. This key can then ensure that data can only be read by applications and people who know this key. The key can also be used to identify the device in communication with other devices. Because it is hardware-based, it can no longer be manipulated on the software side, so the device is always uniquely identified. Code that is implemented in hardware cannot be copied as easily as software. In this way, an FPGA can assume valuable security functions that go much further than, for example, a Trusted Platform Module. FPGAs even have a very specific advantage over standard solutions, because if they are programmed individually, they are much less susceptible to hacking.
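One common way to use such a device-unique key for identification is a challenge-response exchange, in which the key itself never leaves the device. The sketch below is an added example, not taken from the article or from any FPGA vendor: the use of HMAC-SHA256, the class names and the device ID `sbc-0001` are assumptions, and the `Device` class merely stands in for logic that would sit inside the FPGA.

```python
"""Challenge-response device identification with a per-device secret key.
Added illustration: HMAC-SHA256, class names and device ID are assumptions."""
import hashlib
import hmac
import secrets


def _mac(key: bytes, device_id: str, nonce: bytes) -> bytes:
    # Bind the response to both the device identity and the fresh nonce.
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Device:
    """Stands in for the FPGA: only MACs leave the device, never the key."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key  # in hardware: held in the FPGA's non-volatile key storage

    def respond(self, nonce: bytes) -> bytes:
        return _mac(self._key, self.device_id, nonce)


class Verifier:
    """Backend that provisioned the keys and checks device identity."""

    def __init__(self):
        self._keys = {}     # device_id -> provisioned key
        self._pending = {}  # device_id -> outstanding nonce

    def enroll(self, device_id: str) -> bytes:
        key = secrets.token_bytes(32)  # unique random key per device
        self._keys[device_id] = key
        return key

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # single use blocks replay
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(_mac(key, device_id, nonce), response)


if __name__ == "__main__":
    backend = Verifier()
    board = Device("sbc-0001", backend.enroll("sbc-0001"))  # constructed ID
    nonce = backend.challenge("sbc-0001")
    print("genuine device accepted:", backend.verify("sbc-0001", board.respond(nonce)))
```

A recorded response is useless against a later challenge because each nonce is random and consumed on first use, and a copied bitstream without the provisioned key cannot produce a valid response.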

In addition to all these advantages of FPGAs, there are also limits to their use. On the one hand, there are the costs. They are, of course, more expensive than standard components manufactured in large batches. FPGAs can also only be used to a limited extent to implement complex solutions, because from a certain level of functionality it is better to switch to a combination of software and hardware, since microcontrollers and application processors already have a fundamental logic including various I/O interfaces off-the-shelf, which would have to be developed for FPGAs. Nevertheless, you can do a lot with FPGAs of course. For example, x86 logic already exists in FPGAs. But we are still a long way from reproducing the entire software logic that exists for x86 in FPGAs. Advantages and disadvantages must therefore be weighed up depending on the application and existing standard components. In principle, FPGAs offer flexible and safe alternatives for almost all challenges, where on the hardware or software side you would long ago have come up against development limits. Many applications that rely on functional safety cannot do without FPGA logic today.

Companies such as MEN Mikro Elektronik specialize in such FPGA-based platforms for safety-critical embedded systems and are also familiar with the requirements of specific industries. In some industries it is common practice, for example, that FPGA development is not considered in the standards, but solution providers today like to rely on the simulation results of FPGA development tools to save documentation effort for certification. In spite of all the effort involved in development, FPGAs can also save considerable time in terms of certification expenses, which sometimes cost more than the development itself. And there are already many MEN function blocks that are used in certified applications. On the one hand, they fulfill core functions of the boards. On the other hand, they represent specific I/O functions. For example, MEN IP building blocks for FPGAs include: graphic and touch display controllers, fieldbus interfaces such as CAN and MVB, different UARTs like RS232 or RS485, Ethernet and HDLC interfaces, SRAM and flash memory controllers, and GPIO, digital I/O, counter, quadrature decoder and PWM functions.

All these IP cores can be combined with cores provided by Altera (Avalon Bus) or the Open Cores Community (Wishbone Bus). Wishbone-to-Avalon and Avalon-to-Wishbone bridges developed by MEN round off the application-ready FPGA logic range, which is continuously being further developed and can of course also be adapted and/or extended to customer-specific requirements.
